CLAIMS

1. A method by which a first computing entity having an RSA key pair $(N_A, e_A)$,
$(N_A, d_A)$ digitally signs and encrypts a message data string, $m$, for decryption by a
second computing entity having an RSA key pair $(N_B, e_B)$, $(N_B, d_B)$, where $|N_A| = |N_B| = k$
and $m \in \{0,1\}^n$, and $k = n + k_0 + k_1$ for integers $k_0$ and $k_1$, the method comprising:

a) selecting an integer $r \in \{0,1\}^{k_0}$,

b) computing: 

$\omega \leftarrow H(C_1(\text{at least } m \text{ and } r))$
where $H : \{0,1\}^{n+k_0} \to \{0,1\}^{k_1}$, and $C_1()$ is a deterministic combination function,

c) computing: 

$s \leftarrow \mathrm{Enc}(\omega, C_2(\text{at least } m \text{ and } r))$
where $\mathrm{Enc}()$ is a symmetric-key encryption function using $\omega$ as key, and $C_2()$
is a reversible combination function,
steps a) to c) being repeated as necessary to obtain $s \,\|\, \omega < N_A$; and then

d) signing by computing: 

$c' \leftarrow (C_3(\text{at least } s \text{ and } \omega))^{d_A} \bmod N_A$
where $C_3()$ is a reversible combination function; and

e) if $c' < N_B$, encrypting $c'$ by computing:

$c = c'^{e_B} \bmod N_B$.

2. A method according to claim 1, wherein if $c' > N_B$ following step d), the most
significant bit of $c'$ is removed to obtain a new $c'$ which is then encrypted by
computing:

$c = c'^{e_B} \bmod N_B$.

3. A method according to claim 1, wherein if $c' > N_B$ following step d), steps a) to d)
are repeated as necessary to obtain $c' < N_B$ whereupon $c'$ is encrypted by computing:

$c = c'^{e_B} \bmod N_B$.

4. A method according to claim 1, wherein $r$ is selected at random.

5. A method according to claim 1, wherein the function $C_1()$ is a concatenation
function.

6. A method according to claim 1, wherein the function $C_2()$ is a concatenation
function.

7. A method according to claim 1, wherein the function $C_3()$ is a concatenation
function.

8. A method according to claim 1, wherein the functions $C_1()$, $C_2()$, and $C_3()$ are all
concatenation functions.

9. A method according to any one of the preceding claims, wherein the symmetric-key
encryption function $\mathrm{Enc}()$ effects at least the following operations:

- forming a hash of the key $\omega$;

- forming an exclusive-OR of the hash of $\omega$ with the output of the combination
function $C_2()$.

8. Apparatus for carrying out the method of claim 1.

9. A computer-readable medium storing a computer program arranged to condition a
program-controlled computer, when executed by the latter, to carry out the method of
claim 1.

10. A method according to claim 1, wherein the second computing entity on
receiving $c$:

(f) computes:

$c' \leftarrow c^{d_B} \bmod N_B$

and, provided $c' < N_A$, proceeds to the next step;

(g) computes:

$c'^{e_A} \bmod N_A$

with the result being subject to a reverse of the combination function $C_3()$
whereby to recover at least: $s$ and $\omega$;

(h) computes:

$\mathrm{Dec}(\omega, s)$

where $\mathrm{Dec}()$ is a symmetric-key decryption function complementing $\mathrm{Enc}()$,
with the result being subject to a reverse of the combination function $C_2()$
whereby to recover at least: $m$ and $r$;

(i) checks that the message $m$ is from the first computing entity by checking that:

$\omega = H(C_1(\text{at least } m \text{ and } r))$.

11. A system comprising a first computing entity, a second computing entity, and a 
communications network for communicating the first and second entities, the system 
being arranged to implement the method of claim 10. 

12. A method according to claim 2, wherein the second computing entity on
receiving $c$:

(f) computes:

$c' \leftarrow c^{d_B} \bmod N_B$

and, provided $c' \le N_A$, proceeds to the next step;

(g) computes:

$c'^{e_A} \bmod N_A$

with the result being subject to a reverse of the combination function $C_3()$
whereby to recover at least: $s$ and $\omega$;

(h) computes:

$\mathrm{Dec}(\omega, s)$

where $\mathrm{Dec}()$ is a symmetric-key decryption function complementing $\mathrm{Enc}()$,
with the result being subject to a reverse of the combination function $C_2()$
whereby to recover at least: $m$ and $r$;

(i) checks that the message $m$ is from the first computing entity by checking that:

$\omega = H(C_1(\text{at least } m \text{ and } r))$;

(j) where the check carried out in step (i) fails, computes a new value for $c'$ as:

and, provided $c' < N_A$, repeats once steps (g) to (i).

13. A system comprising a first computing entity, a second computing entity, and a
communications network for communicating the first and second entities, the system 
being arranged to implement the method of claim 12. 

14. A method by which a second computing entity having an RSA key pair $(N_B, e_B)$,
$(N_B, d_B)$, decrypts and authenticates a ciphertext $c$ that is purportedly a signed and
encrypted form produced by a first computing entity of a message data string $m$, the
first computing entity having an RSA key pair $(N_A, e_A)$, $(N_A, d_A)$ where $|N_A| = |N_B| = k$
and $m \in \{0,1\}^n$, and $k = n + k_0 + k_1$ for integers $k_0$ and $k_1$; the second computing entity
on receiving $c$:

(a) computes:

$c' \leftarrow c^{d_B} \bmod N_B$
and proceeds to the next step provided that $c' < N_A$;

(b) computes:

$c'^{e_A} \bmod N_A$

with at least quantities $s$ and $\omega$ being recovered from the result;

(c) computes:

$\mathrm{Dec}(\omega, s)$

where $\mathrm{Dec}()$ is a symmetric-key decryption function complementing $\mathrm{Enc}()$,
with at least quantities $m$ and $r$ being recovered from the result;

(d) checks that the message $m$ is from the first computing entity by checking that:

$\omega = H(C_1(\text{at least } m \text{ and } r))$
where $H : \{0,1\}^{n+k_0} \to \{0,1\}^{k_1}$, and $C_1()$ is a deterministic combination function.

15. A method according to claim 14, wherein the function $C_1()$ is a concatenation
function.

16. A method according to claim 14, wherein the symmetric-key decryption function
$\mathrm{Dec}()$ effects at least the following operations:

- forming a hash of the key $\omega$;

- forming an exclusive-OR of the hash of $\omega$ with $s$.

17. Apparatus for carrying out the method of claim 14.

18. A computer-readable medium storing a computer program arranged to condition a
program-controlled computer, when executed by the latter, to carry out the method of
claim 14.

19. A method by which a first computing entity having an RSA key pair $(N_A, e_A)$,
$(N_A, d_A)$ digitally signs and encrypts a message data string, $m$, for decryption by a
second computing entity having an RSA key pair $(N_B, e_B)$, $(N_B, d_B)$, where $|N_A| = |N_B| = k$
and $m \in \{0,1\}^n$, and $k = n + k_0 + k_1$ for integers $k_0$ and $k_1$, the method comprising:

a) selecting an integer $r \in \{0,1\}^{k_0}$,

b) forming the hash $\omega = H(m \,\|\, r)$ where $H : \{0,1\}^{n+k_0} \to \{0,1\}^{k_1}$, and

c) forming the hash $s = G(\omega) \oplus (m \,\|\, r)$ where $G : \{0,1\}^{k_1} \to \{0,1\}^{n+k_0}$,
steps a) to c) being repeated as necessary to obtain $s \,\|\, \omega < N_A$; and then

d) signing by forming $c' = (s \,\|\, \omega)^{d_A} \bmod N_A$; and, if $c' > N_B$,
removing the most significant bit of $c'$ to obtain a new $c'$; and then

e) encrypting $c'$ by forming $c = c'^{e_B} \bmod N_B$.

20. The method as claimed in claim 19 in which $r$ is selected at random.

21. A computer storage medium having stored thereon a computer program readable
by a general-purpose computer, the computer program including instructions for said
general purpose computer to configure it for implementing the steps of the method of
claim 19.

22. A method by which a first computing entity having an RSA key pair $(N_A, e_A)$,
$(N_A, d_A)$ digitally signs and encrypts a message data string, $m$, for decryption by a
second computing entity having an RSA key pair $(N_B, e_B)$, $(N_B, d_B)$, where $|N_A| = |N_B| = k$
and $m \in \{0,1\}^n$, and $k = n + k_0 + k_1$ for integers $k_0$ and $k_1$, the method comprising:

a) selecting an integer $r \in \{0,1\}^{k_0}$,

b) forming the hash $\omega = H(m \,\|\, r)$ where $H : \{0,1\}^{n+k_0} \to \{0,1\}^{k_1}$, and

c) forming the hash $s = G(\omega) \oplus (m \,\|\, r)$ where $G : \{0,1\}^{k_1} \to \{0,1\}^{n+k_0}$,
steps a) to c) being repeated as necessary to obtain $s \,\|\, \omega \le N_A$; and then

d) signing by forming $c' = (s \,\|\, \omega)^{d_A} \bmod N_A$; steps a) to d) being repeated as
necessary to obtain $c' < N_B$; and then

e) encrypting $c'$ by forming $c = c'^{e_B} \bmod N_B$.

23. The method as claimed in claim 22 in which $r$ is selected at random.

24. A computer storage medium having stored thereon a computer program readable 
by a general-purpose computer, the computer program including instructions for said 
general purpose computer to configure it for implementing the steps of the method of 
claim 22. 
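
The sending method of claim 22 and the receiving method of claim 14, run as one round trip (an added example, not part of the patent text). Assumptions: H and G are instantiated with SHAKE-256, n = 384 and k0 = k1 = 128 bits, e = 65537 for both parties, and the names `signcrypt`, `unsigncrypt`, `KEY_A`, `KEY_B` and the demo keys built from public, well-known primes are constructed for illustration only.

```python
import hashlib, secrets

N_LEN, K0, K1 = 48, 16, 16   # n, k0, k1 in bytes (assumed sizes); k = 80 bytes = 640 bits
E = 65537                    # assumed public exponent for both parties

def keypair(p, q):
    """Return (N, e, d) for primes p and q."""
    return p * q, E, pow(E, -1, (p - 1) * (q - 1))

# Constructed demo keys from public special-form primes; both moduli are 640 bits.
KEY_A = keypair(2**384 - 2**128 - 2**96 + 2**32 - 1, 2**256 - 2**32 - 977)
KEY_B = keypair(2**448 - 2**224 - 1, 2**192 - 2**64 - 1)

def H(x):   # H: {0,1}^(n+k0) -> {0,1}^k1, instantiated here with SHAKE-256
    return hashlib.shake_256(b"H" + x).digest(K1)

def G(w):   # G: {0,1}^k1 -> {0,1}^(n+k0), instantiated here with SHAKE-256
    return hashlib.shake_256(b"G" + w).digest(N_LEN + K0)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def signcrypt(m, key_a, key_b):
    """Claim 22, steps a) to e): uses A's private d_A and B's public (N_B, e_B)."""
    (n_a, _, d_a), (n_b, e_b, _) = key_a, key_b
    if len(m) != N_LEN:
        raise ValueError("message must be exactly n bits")
    while True:
        r = secrets.token_bytes(K0)               # a) random r
        w = H(m + r)                              # b) omega = H(m || r)
        s = xor(G(w), m + r)                      # c) s = G(omega) xor (m || r)
        x = int.from_bytes(s + w, "big")
        if x >= n_a:
            continue                              # repeat a) to c)
        c1 = pow(x, d_a, n_a)                     # d) c' = (s || omega)^d_A mod N_A
        if c1 < n_b:                              # otherwise repeat a) to d)
            return pow(c1, e_b, n_b)              # e) c = c'^e_B mod N_B

def unsigncrypt(c, key_b, key_a):
    """Claim 14, steps (a) to (d): returns m, or None if any check fails."""
    (n_b, _, d_b), (n_a, e_a, _) = key_b, key_a
    c1 = pow(c, d_b, n_b)                         # (a) c' = c^d_B mod N_B
    if c1 >= n_a:
        return None
    sw = pow(c1, e_a, n_a).to_bytes(N_LEN + K0 + K1, "big")   # (b) s || omega
    s, w = sw[:-K1], sw[-K1:]
    mr = xor(G(w), s)                             # (c) m || r = G(omega) xor s
    return mr[:N_LEN] if secrets.compare_digest(H(mr), w) else None   # (d)
```

Because both demo moduli sit very close to $2^{640}$, the two retry branches in `signcrypt` are almost never taken here; with general moduli of equal bit length they run more often.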



